CAF-AI-001 AI-Assisted Vulnerability Triage
This draft standard defines minimum expectations for using AI during vulnerability triage.
Requirements
- AI output must be treated as an assistant, not the final authority.
- Findings must include affected asset context, observed behavior, security impact, and reproduction notes.
- Confidence must be tied to evidence quality.
- Human review is required before publication or escalation.
Contribution status
This standard is open for community review and improvement.